VanillaHaze 0 Posted December 2, 2020 Share Posted December 2, 2020 (edited) I checked my log on eset this morning and this is what I saw - I did not have any idea who or what this NT/authority was but I found out it is the system root access point above admin accounts, if I understood correctly. I only have one admin/user on the system. There are a few examples like this. If there is communication with domains blacklisted for phishing scams form root user then I guess I should be worried. I removed the app that was causing the problem but I am most concerned about whether this risk extends to other devices on the network. What steps should I take? Edited December 2, 2020 by VanillaHaze Link to comment Share on other sites More sharing options...
Administrators Marcos 5,074 Posted December 2, 2020 Administrators Share Posted December 2, 2020 Probably it's the Luminati proxy application which runs under the system account and another machine connecting via the proxy accessed the blocked url. It's a perfectly normal detection, no sign of hacking there. Link to comment Share on other sites More sharing options...
VanillaHaze 0 Posted December 2, 2020 Author Share Posted December 2, 2020 Ah, ok yes that makes sense. I knew there would be mutual resource allocation but what I didn't know or agree to was they would allow server components to access my IP / bandwidth when there front end app isn't even running - haven't connected in about 5 days. Isn't that basically backend malware? Anyway, great little discovery for me there with your software. Thanks Link to comment Share on other sites More sharing options...
Recommended Posts